"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Known to apply to the following Sophos product(s) and version(s) Sophos Mobile Control 3.6Mobile Control 4.0
Operating systems iOS
Note: The procedure how to use Apple VPP together with SMC 5.0 or higher can be found in this article.
In order to use Apple's Volume Purchase Program (VPP) several steps are required which are listed below.
1. Enable an Apple ID for VPP You require an Apple ID which is enabled for the VPP program. This can be done via vpp.itunes.apple.com.
2. Download and configure service token (sToken) Once you have a VPP enabled Apple ID, log in to the VPP portal and download the service Token (sToken) at the bottom of your VPP account page. This sToken has to be configured in the Sophos Mobile Control web console.
To do so, follow these steps:
Note: The sToken is valid for one year and has to be renewed after that time.
3. Invite users to join your VPP program
Once the sToken is configured, you can invite your users to join your VPP program. Please make sure the VPP invitation email is configured properly in the "iOS Volume Purchase Program".
The email address you send the invitation email to can be a corporate address or a private email address. Depending on the user directory configured for your SMC server you can send out emails via the "Users" section (internal LDAP directory configured) or using the "VPP users" view (external LDAP directory configured).
Users will receive an email containing a link which they have to click on. If this is done on a PC, iTunes has to be installed. If the procedure is done on an iOS device, they have to authenticate with their Apple ID. After the user signed in, the Apple ID will be associated to your VPP account.
4. Create software package for your purchased application
Once you have purchased an application, you can now create a new software package within the SMC web console. To do so, log on to the SMC web console using your administrator account of your SMC customer.
Now the application package has been created, the VPP licenses can be assigned to users who have joined your VPP program. To do so, you have two different possibilities.
5a. Assign VPP licenses via the SMC software package
5b. Assign VPP licenses via the "Users" / "VPP users" view
You can also assign VPP licenses using the "Users" / "VPP users" view. Follow the steps below on how to do this.
Note: Depending on the directory configured for your SMC customer, you have to either go to the "Users" view or "VPP users". If you have the SMC internal LDAP user directory configured, the "Users" view has to be used. If an external LDAP directory is configured, the "VPP users" view is displayed and should be used.
Now, the licenses are assigned and the user will be able to download the app or you can distribute the application via the SMC server.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.